The establishment of an OpenVPN link sometimes fails. I tracked it down to network traffic with the wrong source port in the answer packet (should be 1300, not 1024):

    2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300
    3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300

and a collateral entry in the connection tracking table (from shorewall dump):

    Conntrack Table (1512 out of 65536)
    [...]
    udp 17 22 src=212.117.77.218 dst=62.155.185.165 sport=1300 dport=1300 [UNREPLIED] src=62.155.185.165 dst=80.152.162.192 sport=1300 dport=1024 mark=0 use=2
    udp 17 172 src=62.155.185.165 dst=80.152.162.192 sport=1300 dport=1300 src=80.152.162.192 dst=62.155.185.165 sport=1300 dport=1300 [ASSURED] mark=256 use=2
    [...]

How can I get rid of the additional entry when the OpenVPN tunnel is renewed?

Axel
--
We use only blue electrons from organic farming.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
